From: Dirk-Willem van Gulik
To: Ian Lepore
Cc: cem@freebsd.org, "freebsd-hackers@freebsd.org"
Date: Fri, 13 Jul 2018 17:11:51 +0200
Subject: Re: Limits to seeding /dev/random | random(4)

> On 13 Jul 2018, at 15:51, Ian Lepore wrote:
>
> On Thu, 2018-07-12 at 11:40 -0700, Conrad Meyer wrote:
>> Identical results are very troubling. Maybe your readonly filesystems
>> contain a static "entropy" file that is being fed in every boot (with

Most certainly not.

>> identical contents)? If so, you definitely want to remove that during
>> image generation. That, in tandem with few other sources of entropy,
>> could explain identical results.

I suspect this to be the issue.

> I have been reporting for years that certain kinds of embedded systems
> lead to zero entropy available at boot, including the fact that the

..

> It happens. Embedded systems are a different world, and if entropy is
> important, sometimes we have to go out of our way to provide some.

In our case it is merely a low end machine - but diskless, read-only and with hardly any peripherals.

Dw.